selinux and oracle instantclient
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 30 14:32:51 UTC 2010
On 03/30/2010 10:17 AM, Arian wrote:
> Hello all,
> I am using Oracle 11.2 instant client on CentOS (which i heard is
> based a version of Fedora/RedHat), and I was trying to use php's PDO
> and oci8 modules to test connections to Oracle.
>
> I had originally gotten a php error about pdo_oci.so/oci8.so
> <http://pdo_oci.so/oci8.so> data execution on a dynamic link library,
> libclsh. I asked selinux boards and they said to try 'setsebool -P
> allow_execstack on'... I think after that change, i still had issues,
> so they suggested to turn it off temporarily to see if it works...
>
> So I went into /etc/sysconfig/selinux and set:
> SELINUX=disabled
> and my script connected and read some rows from the oracle db.
>
>
> Im not sure if anyone has had issues with oracle client to work with
> selinux, without turning it off.
> I saw a blog stating to run these, but i have no idea if it will work
> for my version of oracle, or what it does:
> "tail -f /var/log/audit/audit.log | tee oracle.log
> audit2allow -M oracle < oracle.log
> semodule -i oracle.pp"
>
>
> Thanks!,
> Ari
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
If you turn it back on, contact me and we can work through the problems.
SELINUX=permissive
Would have allowed your processes to work and logged all of the errors.
Which we could have then fixed.
SELinux error messages are written as "AVC" messages in
/var/log/audit/audit.log
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20100330/10c4c0bf/attachment.html
More information about the selinux
mailing list